Malware Injection - also known as Drive-by Downloading - is a hacker technique designed to steal information from Internet users by causing their computers to download malicious software automatically, without the user's knowledge or consent.

This is achieved by injecting malicious code into vulnerable websites. That code in turn exploits software vulnerabilities on end-user PCs to bypass browser restrictions and to automatically download and execute malicious software such as Trojan horses or botnet drones.

As of August 2009, Google [1] claims to have indexed over 350,000 websites that are pushing active malware to computers browsing them.

Figure 1: Google statistics for indexed pages injecting malware

A typical malware injection scenario is as follows:

A hacker injects malicious code or scripts into a vulnerable website. These scripts typically retrieve malicious software (malware) from a third-party site controlled by the hacker.

The retrieved malware is then pushed to the computers of end users browsing the vulnerable website. In general, the malware has the following features:

Downloads silently without the Internet user's consent or knowledge.

Evades detection by commercial desktop antivirus solutions.

Exploits vulnerabilities in the web browser or in browser-bundled software such as Flash plug-ins or other Adobe software.

Once downloaded to the user's PC, the malware silently executes to install malicious programs that steal end-user information. These programs include keyloggers, screen scrapers, screen-casting tools and password harvesters.
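As an added defensive example (not code from the original article), the following Python scanner inspects a page's HTML for the kind of injected loader described in the scenario above: a script or iframe that fetches content from a host other than the site's own. It also flags invisibly rendered iframes, an extra heuristic assumed here rather than taken from the text; the hostnames, allowlist and sample HTML are constructed.

```python
"""Scan a page's HTML for injected off-site loaders (added, defensive example)."""
from html.parser import HTMLParser
from urllib.parse import urlparse


class _LoaderCollector(HTMLParser):
    """Collects every <script src> and <iframe src> with its attributes."""

    def __init__(self):
        super().__init__()
        self.loaders = []  # list of (tag, src, attrs)

    def handle_starttag(self, tag, attrs):
        if tag in ("script", "iframe"):
            a = dict(attrs)
            if a.get("src"):
                self.loaders.append((tag, a["src"], a))


def _is_hidden(attrs):
    """Heuristic: a 0/1-pixel or display:none iframe is rarely legitimate."""
    style = (attrs.get("style") or "").replace(" ", "").lower()
    tiny = attrs.get("width") in ("0", "1") or attrs.get("height") in ("0", "1")
    return tiny or "display:none" in style or "visibility:hidden" in style


def find_suspicious_loaders(html, page_url, allowed_hosts=()):
    """Return (tag, src, reasons) for each loader a reviewer should inspect."""
    trusted = {urlparse(page_url).hostname, *allowed_hosts}
    collector = _LoaderCollector()
    collector.feed(html)
    findings = []
    for tag, src, attrs in collector.loaders:
        host = urlparse(src).hostname  # None for relative (same-origin) URLs
        reasons = []
        if host and host not in trusted:
            reasons.append("loads from untrusted third-party host")
        if tag == "iframe" and _is_hidden(attrs):
            reasons.append("hidden iframe")
        if reasons:
            findings.append((tag, src, ", ".join(reasons)))
    return findings


# Constructed sample: a legitimate page with one injected loader appended.
SAMPLE_HTML = """<html><body>
<script src="/js/site.js"></script>
<script src="https://cdn.example.org/lib.js"></script>
<iframe src="http://evil.test/loader.html" width="1" height="1"
        style="display:none"></iframe>
</body></html>"""

if __name__ == "__main__":
    for finding in find_suspicious_loaders(SAMPLE_HTML, "https://www.example.org/",
                                           allowed_hosts={"cdn.example.org"}):
        print(finding)
```

Running it against the sample reports only the injected iframe; the site's own script and the allowlisted CDN pass.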